Security audit finds dev OUTSOURCED his JOB to China to goof off at work

While The Register is usually a pretty reliable source, parts of this fall into the 'too good to be true' area for me, particularly the logs which have supposedly been released for some reason of exactly what he spent his time doing. Although to be true UL material it wouldn't end with him no longer being at the company; he'd have been promoted.

A security audit of a US critical infrastructure company last year revealed that its star developer had outsourced his own job to a Chinese subcontractor and was spending all his work time playing around on the internet.

Company is unnamed. The company's ISP Verizon is cited as the source, but the link to their statement in the article is dead.

Surely if he was that smart he wouldn't have entrusted his VPN key to people halfway around the world and would have had them upload their work somewhere for him to pull down, rather than giving them full security access to his systems?

Many times it's not possible to do the work without accessing the company network. You have data that you need, source code and infrastructure like databases etc. If he had to send everything to the offshore developer, he would be spending all day copying stuff.

I don't think this is real though. A big part of a developer's job is communication, especially if s/he is a star onshore developer. The raw coding by itself is probably half the work. Also, to be able to communicate effectively, he will have to understand issues himself, so he would have to spend time talking to his developer offshore. Our leads usually have 3 offshore developers under them, and they spend 40% of their time talking to offshore developers, 30% talking to onshore and 30% coding.

I am trying to remember which webcomic had this happen in it. I THINK it was Dilbert, several years ago, but I am not sure. In the end, the guy ended up taking on a couple of different jobs at different places and outsourcing all the work to a team in China, paying them 10% of his pay, and living on 90% of his multiple salaries.

Many times it's not possible to do the work without accessing the company network. You have data that you need, source code and infrastructure like databases etc. If he had to send everything to the offshore developer, he would be spending all day copying stuff.

I read it from this link, which indicated that they found the perp after noticing a Chinese address in their VPN access logs, and that this VPN token belonged to an employee who was sitting onsite at his desk at the time he was supposedly using his token.

Two-bit developer wasn't smart enough to create a connection between his home and work (via VPN) and have his Chinese partner in crime do the work from his (the two-bit developer's) home network. Duh.
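The VPN-log finding mentioned in the thread (a remote login on a token whose owner was at his desk at the time) can be expressed as a simple correlation check. This is an added example, not part of the original thread or the audit; the log layout, user names, badge records and address ranges are constructed assumptions, and badge data stands in for "known to be on site".

```python
from datetime import datetime
from ipaddress import ip_address, ip_network

FMT = "%Y-%m-%d %H:%M"

# Assumption: networks the office itself egresses from (documentation range).
OFFICE_NETS = [ip_network("192.0.2.0/24")]

# Constructed VPN concentrator records: (user, login time, source IP).
VPN_LOGINS = [
    ("alice", "2024-01-15 09:05", "198.51.100.23"),  # remote, not badged in
    ("bob",   "2024-01-15 09:12", "203.0.113.77"),   # remote while badged in
    ("bob",   "2024-01-15 19:30", "203.0.113.77"),   # remote after badging out
    ("carol", "2024-01-15 10:00", "192.0.2.15"),     # VPN from inside the office
]

# Constructed door-badge records: (user, badge-in, badge-out).
BADGE = [
    ("bob",   "2024-01-15 08:55", "2024-01-15 17:05"),
    ("carol", "2024-01-15 08:30", "2024-01-15 17:00"),
]


def parse(ts):
    return datetime.strptime(ts, FMT)


def is_office(ip):
    """True when the source address belongs to an office egress network."""
    addr = ip_address(ip)
    return any(addr in net for net in OFFICE_NETS)


def onsite(user, when, badge):
    """True when a badge interval for this user covers the login time."""
    return any(u == user and parse(i) <= when <= parse(o) for u, i, o in badge)


def conflicting_logins(vpn, badge):
    """VPN logins from outside the office while the account owner is on site."""
    return [
        (user, ts, ip)
        for user, ts, ip in vpn
        if not is_office(ip) and onsite(user, parse(ts), badge)
    ]


if __name__ == "__main__":
    for user, ts, ip in conflicting_logins(VPN_LOGINS, BADGE):
        print(f"review: {user} VPN login at {ts} from {ip} while badged in")
```

The same check would not fire on the relay-through-home setup described in the last post if the owner were not badged in, which is why it is usually paired with per-user baselines of source address and session duration.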